Privacy Policy
FIREfly is a personal-finance app for iPhone that helps you track your net worth, budget, and investments. This policy explains, in plain English, what data the app handles, where that data lives, and who can — and cannot — see it.
Who is responsible for this app
FIREfly is built and maintained by an individual developer, not a company. If you have questions about this policy or your data, see Contact below.
Where your data lives
All of the financial information you enter or import — accounts, balances, transactions, budgets, holdings, and net-worth history — is stored on your device, using Apple's on-device database technology (SwiftData).
If you have iCloud enabled, this data also syncs through your own iCloud account (Apple's CloudKit private database) so it can move between your devices. This is your personal, private iCloud storage. The developer cannot access it, and Apple governs it under Apple's Privacy Policy.
There is no FIREfly server that holds your financial data. The developer never receives your balances or transactions.
What the developer collects
Nothing about your finances by default. The app has no advertising or data-broker code, does not use Apple's advertising identifier (IDFA), and will never show the App Tracking Transparency prompt, because it does not track you across other apps or websites.
The developer does collect two narrow things, described in detail below:
- A stable, anonymous identifier if you sign in with Apple to connect a bank (used only to secure that connection — see below).
- Optional, anonymized product analytics — off by default — if you choose to turn them on (see "Analytics").
Connecting a bank (optional, via Plaid)
FIREfly can optionally connect to your bank or brokerage so balances and transactions update automatically. This feature is powered by Plaid, a third-party financial-data provider.
- Connecting an account is entirely your choice. If you never connect a bank, no bank data is ever involved.
- When you connect, you authenticate directly with your bank through Plaid's secure interface. Plaid processes the bank data for the accounts you choose to connect and delivers it to your device.
- Plaid's handling of your information is governed by Plaid's End User Privacy Policy and its End User Services Agreement.
- To broker the connection to Plaid, the app uses a lightweight "relay" service run by the app developer. This relay stores only the encrypted Plaid access tokens needed to keep your connection alive — not your transactions or balances, which flow directly to your device. Put simply: the relay holds the keys to the data, not the data. Those tokens are encrypted at rest and scoped to your account only.
You can disconnect a linked bank at any time from within the app.
Signing in for bank sync (Sign in with Apple)
To use the bank-connection feature, the app authenticates you to the relay using Sign in with Apple. This is used only to secure your bank-sync connection.
- The app requests no personal information scopes — not your name and not your email.
- It receives only the stable, opaque user identifier that Apple provides. That identifier cannot be used to look up who you are.
- No account or login is required to use the rest of the app. You can track your finances with no sign-in at all; Sign in with Apple only comes into play if you choose to connect a bank.
Analytics (opt-in, anonymized)
Product analytics help the developer understand which parts of the app are useful, so they can be prioritized. Analytics are:
- Off by default. You choose to turn them on; nothing is collected unless you opt in.
- Anonymized. Events are not tied to your identity, name, or email.
- Free of financial data — always. Analytics never include balances, holdings, transactions, categories, institution names, or account identifiers. An analytics event might record that a screen was viewed; it will never record what was on that screen.
Separately, the relay server keeps minimal operational logs (for example, which route was called and whether it succeeded) so the developer can keep the service running. These logs never contain token values, account data, or financial content, and reference you only by a one-way hash of your account identifier — never your identity.
Market quotes
To show current prices for your investments, the app requests quotes from a market-data provider using only ticker symbols (for example, AAPL). No personal or financial information about you is sent with a quote request.
Data you share, and data that is sold
FIREfly does not sell your data and does not share it with third parties for their own purposes. The only third party that receives data is Plaid, and only when you choose to connect a bank, solely to make that connection work.
Retention and deletion
Because your data lives on your device and in your own iCloud, you control it. You can also delete your account and all associated data at any time from within the app. Doing so:
- Wipes your on-device data from that device.
- Purges your iCloud copy (the CloudKit zone holding your data).
- Deletes your encrypted bank-connection tokens from the relay, scoped only to your account — no other user's data is touched.
You can also manage or delete the iCloud copy directly in the Settings app under your name → iCloud → Manage Account Storage, or disconnect a bank in-app without deleting everything else. The developer holds no separate server-side copy of your financial data to delete — account deletion in-app is what removes the relay-side tokens described above.
Security
- All network requests use standard encrypted transport (HTTPS).
- Sensitive values on your device are protected using Apple's Keychain.
- Your device data can be protected behind Face ID if you enable the app lock.
- The Plaid access tokens held by the relay are encrypted at rest and scoped to each user.
No method of storage or transmission is ever 100% secure, but the app is designed to minimize what leaves your device in the first place.
Children's privacy
FIREfly is not directed to children and is not intended for use by anyone under 13 (or the minimum age of digital consent in your region). The app does not knowingly collect information from children.
Trying the app without connecting anything
FIREfly includes a demo mode, populated with fictional sample profiles, that lives entirely in memory. You can explore every feature this way without connecting a bank or entering any real financial data.
Beta program
During the beta period, this app is offered to a small, invited group of testers. See the Beta Terms of Service for the terms that apply while you're testing.
Changes to this policy
If this policy changes, the updated version will be posted at this URL with a new "Effective date."
Contact
Questions about this policy or your privacy? Contact the developer at support@example.com. (TODO: placeholder support address — see issue #35 for the real one.)